US9344273B2 - Cryptographic device for implementing S-box - Google Patents
Cryptographic device for implementing S-box Download PDFInfo
- Publication number
- US9344273B2 US9344273B2 US14/291,665 US201414291665A US9344273B2 US 9344273 B2 US9344273 B2 US 9344273B2 US 201414291665 A US201414291665 A US 201414291665A US 9344273 B2 US9344273 B2 US 9344273B2
- Authority
- US
- United States
- Prior art keywords
- logic gates
- bits
- circuit logic
- gates
- input signal
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000003491 array Methods 0.000 abstract description 37
- 238000013478 data encryption standard Methods 0.000 description 6
- 238000000034 method Methods 0.000 description 4
- 238000006467 substitution reaction Methods 0.000 description 2
- 230000005540 biological transmission Effects 0.000 description 1
- 238000001514 detection method Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000007704 transition Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/72—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/002—Countermeasures against attacks on cryptographic mechanisms
- H04L9/003—Countermeasures against attacks on cryptographic mechanisms for power analysis, e.g. differential power analysis [DPA] or simple power analysis [SPA]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/76—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in application-specific integrated circuits [ASIC] or field-programmable devices, e.g. field-programmable gate arrays [FPGA] or programmable logic devices [PLD]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F7/00—Methods or arrangements for processing data by operating upon the order or content of the data handled
- G06F7/38—Methods or arrangements for performing computations using exclusively denominational number representation, e.g. using binary, ternary, decimal representation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/30—Arrangements for executing machine instructions, e.g. instruction decode
- G06F9/30003—Arrangements for executing specific machine instructions
- G06F9/3005—Arrangements for executing specific machine instructions to perform operations for flow control
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/002—Countermeasures against attacks on cryptographic mechanisms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
- H04L9/0625—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation with splitting of the data block into left and right halves, e.g. Feistel based algorithms, DES, FEAL, IDEA or KASUMI
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/12—Details relating to cryptographic hardware or logic circuitry
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/12—Details relating to cryptographic hardware or logic circuitry
- H04L2209/122—Hardware reduction or efficient architectures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/12—Details relating to cryptographic hardware or logic circuitry
- H04L2209/127—Trusted platform modules [TPM]
Definitions
- Apparatuses and methods consistent with exemplary embodiments relate to a cryptographic device.
- DES Data encryption standard
- S-Box substitution box for use in DES carries out a substitution operation to convert an m-bit input into an n-bit output.
- an S-Box When DES is embodied with hardware, an S-Box is designed using a lookup table. However, a data value of the S-Box may be exposed to a hacker according to a hardware design technique. Accordingly, there is a need for the hardware design for an S-Box that is capable of preventing exposure of internal data even when the S-Box is attacked by a hacker.
- Exemplary embodiments provide a cryptographic device.
- a cryptographic device including: arrays of first logic gates including I first logic gates each receiving 2 bits from among N bits of an input signal, where I and N are positive integers; 2 N second logic gates each receiving corresponding J bits from among I bits output from the arrays of first logic gates, where J is a positive integer; and L third logic gates each receiving K bits from among 2 N bits of signal output from the second logic gates, where L and K are positive integers, wherein the I bits, the 2 N bits, and L bits respectively output from the arrays of the first logic gates, the second logic gates, and the third logic gates each have only one active bit, and there is a many-to-one correspondence between the N bits of the input signal and an output signal of the third logic gates.
- a cryptographic device including: an array of first logic gates receiving first 2 bits among 6 bits of an input signal and outputting first 4 bits; an array of second logic gates receiving second 2 bits among the 6 bits of the input signal and outputting second 4 bits; an array of third logic gates receiving third 2 bits among the 6 bits of the input signal and outputting third 4 bits; 64 forth logic gates each receiving corresponding 3 bits from among the 4 bits output from the arrays of the first, second, and third logic gates; and 16 fifth logic gates each receiving 4 bits from among the 64 bits output from the fourth logic gates, wherein the 4 bits, the 64 bits, and the 16 bits respectively output from the arrays of the first, second, and third logic gates, the fourth logic gates, and the fifth logic gates each have only one active bit, and there is a many-to-one correspondence between the 6 bits of the input signal and an output signal of the fifth logic gates.
- a cryptographic device including: a first decoder which decodes an input signal of N bits into 2 N bits; and a second decoder which decodes the 2 N bits output from the first decoder into L bits, wherein the 2 N bits output from the first decoder and the L bits output from the second decoder each include only one active bit, and wherein N and L are positive integers.
- a cryptographic method including: receiving, at each of arrays of first logic gates comprising I first logic gates, 2 bits from among N bits of an input signal; receiving, at each of 2 N second logic gates, corresponding J bits from among I bits output from the arrays of the first logic gates; and receiving, at each of L third logic gates, K bits from among 2 N bits output from the second logic gates, wherein the I bits, the 2 N bits, and L bits respectively output from the arrays of the first logic gates, the second logic gates, and the third logic gates each have only one active bit, wherein there is a many-to-one correspondence between the N bits of the input signal and an output signal of the third logic gates, and wherein the N, I, J, K, and L are positive integers, respectively.
- FIG. 1 illustrates a cryptographic device according to an exemplary embodiment
- FIG. 2 illustrates a cryptographic device according to another exemplary embodiment
- FIG. 3 illustrates a detailed circuit configuration of arrays of logic gates shown in FIG. 2 according to an exemplary embodiment
- FIG. 4 illustrates an S-Box lookup table according to an exemplary embodiment
- FIG. 5 illustrates an example of a cryptographic device having a reset function according to an exemplary embodiment
- FIG. 6 illustrates a circuit configuration of arrays of logic gates shown in FIG. 2 according to another exemplary embodiment.
- FIG. 1 illustrates a cryptographic device 100 according to an exemplary embodiment.
- the cryptographic device 100 includes a first decoder 110 , a second decoder 120 , and an encoder 130 .
- the first decoder 110 receives an input signal IN which is 6 bits and outputs 64 bits.
- the 64 bit output from the first decoder 110 includes one active bit from among the 64 bits according to the 6 bits of the input signal IN.
- the second decoder 120 decodes the 64 bits from the first decoder 110 into 16 bits. Irrespective of a value of the 6 bits of the input signal IN, power consumed in the first and second decoders 110 and 120 is constantly maintained. As a result, the cryptographic device 100 may be protected from a hacker's attack, such as a differential power attack (DPA) and an attack through electromagnetic (EM) detection.
- DPA differential power attack
- EM electromagnetic
- the encoder 130 encodes the 16 bits output from the second decoder 120 into a 4 bit output signal OUT and outputs the output signal OUT.
- the cryptographic device 100 shown in FIG. 1 may convert 6 bits of input signal IN into 4 bits of output signal OUT according to an S-Box many-to-one binary function.
- FIG. 2 illustrates a cryptographic device 200 according to another exemplary embodiment.
- the cryptographic device 200 includes arrays 211 , 212 , and 213 of first logic gates, an array 220 of second logic gates, an array 230 of third logic gates, and an encoder 240 .
- the array 211 of the first logic gates receives 2 bits A 0 and A 1 from among bits of an input signal IN and outputs 4 bits B 0 , B 1 , B 2 , and B 3 .
- the array 211 of the first logic gates includes a plurality of logic gates (not shown) each receiving 2 bits A 0 and A 1 .
- the other arrays 212 and 213 of the first logic gates are organized with the same or similar circuit structure as the array 211 of the first logic gates and perform the same or similar operations as the array 211 of the first logic gates.
- Each of the arrays 211 , 212 , and 213 receives different 2 bits from among the bits of the input signal IN and outputs 4 bits. That is, the arrays 211 , 212 , and 213 output a total of 12 bits B 0 ⁇ B 11 .
- the array 220 of the second logic gates receives the 12 bits from the arrays 211 , 212 , and 213 of the first logic gates and outputs 64 bits C 0 ⁇ C 63 .
- the array 220 of the second logic gates includes a plurality of logic gates (not shown) each receiving 1 bit from each of the arrays 211 , 212 , and 213 of the first logic gates (i.e., each receiving a total of 3 bits).
- the array 230 of the third logic gates receives the 64 bits C 0 ⁇ C 63 from the array 220 of the second logic gates and outputs 16 bits D 0 ⁇ D 15 corresponding to the 64 bits C 0 ⁇ C 63 .
- the array 230 of the third logic gates includes a plurality of logic gates (not shown) each receiving 4 bits from among the 64 bits C 0 ⁇ C 64 from the array 220 of the second logic gates. There is a many-to-one correspondence according to an S-Box binary function between 6 bits of the input signal IN and a K-bit signal input to the respective logic gates in the array 230 of the third logic gates.
- the encoder 240 outputs the 16 bits D 0 ⁇ D 15 output from the array 230 of the third logic gates, as a 4 bit signal OUT.
- the encoder 240 encodes the 16 bits D 0 ⁇ D 15 into 4 bits of signal OUT.
- the encoder 240 may be designed to constantly consume current although the 16 bits of signals D 0 ⁇ D 15 have any value.
- the cryptographic device 200 shown in FIG. 2 may substitute 6 bits of input signal IN with 4 bits of output signal OUT according to an S-Box binary function.
- one of respective logic gates constructed therein i.e., a total five logic gates
- FIG. 3 illustrates a detailed circuit configuration of arrays of logic gates shown in FIG. 2 according to an exemplary embodiment.
- the array 211 of the first logic gates include two inverters 301 and 302 and four AND gates 303 ⁇ 306 .
- the inverter 301 receives an input signal A 0
- the inverter 302 receives an input signal A 1 .
- the AND gate 303 receives the input signals A 0 and A 1 .
- the AND gate 304 receives the input signal A 0 and an output of the inverter 302 .
- the AND gate 305 receives an output of the inverter 301 and the input signal A 1 .
- the AND gate 306 receives outputs of the inverters 301 and 302 .
- the array 211 of the first logic gates receive 2 bits A 0 and A 1 and outputs 4 bits through the AND gates 303 ⁇ 306 .
- the arrays 212 and 213 of other first logic gates are organized with the same or similar structures as the array 211 of the first logic gates.
- the array 212 of the first logic gates receives input signals A 2 and A 3 and the array 213 of the first logic gates receives input signals A 4 and A 5 .
- the array 220 of the second logic gates includes 64 AND gates 311 .
- Each of the AND gates 311 includes three input terminals and an output terminal. Furthermore, each of the AND gates 311 receives 1 bit from each of the arrays 211 , 212 , and 213 of the first logic gates (i.e., each of the AND gates 311 receives a total of 3 bits). More specifically, each of the AND gates 311 in the array 220 of the second logic gates receives 1 bit from among the 4 bits B 0 ⁇ B 3 , 1 bit from among the 4 bits B 4 ⁇ B 7 , and 1 bit from among the 4 bits B 9 ⁇ B 11 .
- the 64 bits C 0 ⁇ C 63 output from the array 220 of the second logic gates are decoding signals according to the number of cases (2 6 ) of A 0 , A 1 , A 2 , A 3 , A 4 , and A 5 . Only one of the 64 AND gates 311 in the array 220 of the second logic gates is toggled according to 12 bits B 0 ⁇ B 11 output from the arrays 211 ⁇ 213 of the first logic gates. That is, among the 64 bits C 0 ⁇ C 63 output from the 64 AND gates 311 in the array 220 of the second logic gates, only one bit is an active bit.
- the array 230 of the third logic gates includes 16 OR gates 321 .
- Each of the OR gates 321 includes four input terminals and one output terminal.
- Each of the OR gates 321 receives 4 bits from among the 64 bits C 0 ⁇ C 63 output from the array 230 of the second logic gates.
- the 4 bits input to each of the OR gates 321 are determined according to an S-Box lookup table.
- FIG. 4 illustrates an S-Box lookup table according to an exemplary embodiment. Although a DES algorithm uses a total of eight S-Boxes, FIG. 4 shows one S-Box. Referring to FIG. 4 , the lookup table shows 4 output bits to 6 bits of input signal A 0 ⁇ A 5 . Among the 6 bits A 0 ⁇ A 5 , 2 bits A 0 and A 5 designate rows of the lookup table and four bits A 1 , A 2 , A 3 , and A 4 designate columns of the lookup table.
- the output signal “0111” is designated by not only the row “10” and the column “1011” but also a row “00” and a column “1111,” a row “01” and a column “0010,” and a row “11” and a column “0111.” This is because the S-BOX uses a many-to-one binary function.
- the array 230 of the third logic gates always outputs the same 4 bits to four types of values of 6 bits of input signals A 0 ⁇ A 5 according to the lookup table shown in FIG. 4 .
- each of the OR gates 321 in the array 230 of the third logic gates receives 4 bits from among the 64 bits C 0 ⁇ C 63 output from the AND gates 311 in the array 220 of the second logic gates.
- an OR gate corresponding to “0111” in the array 230 of the third logic gates is connected to receive output signals of an AND gate corresponding to “011110,” “000101,” “110110,” and “101111” in the array 220 of the second logic gates.
- input terminals of the OR gates 321 in the array 230 of the third logic gates are connected to output signals of the AND gates 311 in the array 220 of the second logic gates according to the lookup table shown in FIG. 4 .
- the 16 bits D 0 ⁇ D 15 output from the array 230 of the third logic gates are provided to the encoder 240 shown in FIG. 2 .
- AND gates in the arrays 211 , 212 , and 213 of the first logic gates and the array 220 of the second logic gates are toggled one by one. Further, any one of the OR gates in the array 230 of the third logic gates is toggled. Accordingly, a total of five logic gates are toggled at the arrays 211 , 212 , 213 , 220 , and 230 of the first to third logic gates although the input signals A 0 -A 5 have any value. For this reason, the amount of current consumed at the arrays 211 , 212 , 213 , 220 , and 230 of the first to third logic gates is always constant irrespective of values of the input signals A 0 ⁇ A 6 . Accordingly, with a simple circuit configuration, an S-Box for DES algorithm is implemented using hardware, and a cryptographic device with security against a hacker's attack may be implemented.
- the cryptographic device 200 shown in FIG. 3 is a cryptographic device implementing one S-Box. Eight cryptographic devices 200 are used to implement eight S-Boxes. In that case, the AND gates 311 in the array 220 of the second logic gates are connected to the OR gates 321 in the array 230 of the third logic gates according to a many-to-one correspondence between input and output signals of the S-Box.
- an input signal IN is 6 bits and an output signal OUT is 4 bits.
- bit widths of the input signal IN and the output signal OUT may be variously changed. With the change in bit widths of the input signal IN and the output signal OUT, the number of the arrays 211 , 212 , and 213 of the first logic gates, the number of the AND gates 311 in the array 220 of the second logic gates, and the number of the OR gates 230 in the third logic gates are changed. However, a many-to-one correspondence between the input signal IN and the output signal OUT is established.
- FIG. 5 illustrates an example of a cryptographic device 500 having a reset function according to an exemplary embodiment.
- the cryptographic device 500 further inputs a clock signal CK to AND gates in arrays 511 ⁇ 513 of first logic gates. If a previous output signal is logic “1,” the AND gates invert the output signal into logic “0” at a low level of the clock signal CK. In this case, the amount of current consumption is not changed because only 1 bit transitions to an inactive state.
- FIG. 6 illustrates another circuit configuration of arrays of logic gates shown in FIG. 2 according to another exemplary embodiment.
- arrays 611 ⁇ 613 of first logic gates include OR gates 603 ⁇ 606
- an array 620 of second logic gates includes OR gates 621
- an array 630 of third logic gates includes AND gates 631 .
- input signals A 0 ⁇ A 5 have any value like in FIG. 3 , only five logic gates are toggled at arrays 611 , 612 , 613 , 620 , and 630 of first to third logic gates shown in FIG. 6 .
- Signals output from the arrays 611 , 612 , 613 , 620 , and 630 of the first to third logic gates include five inactive bits with the other bits being active bits.
- the amount of current consumed at the arrays 611 , 612 , 613 , 620 , and 630 of the first to third logic gates is always constant irrespective of values of the input signals A 0 ⁇ A 6 .
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Mathematical Physics (AREA)
- Computational Mathematics (AREA)
- Pure & Applied Mathematics (AREA)
- Mathematical Optimization (AREA)
- Microelectronics & Electronic Packaging (AREA)
- Mathematical Analysis (AREA)
- Computing Systems (AREA)
- Storage Device Security (AREA)
- Logic Circuits (AREA)
Abstract
Provided is a cryptographic device implementing an S-Box of an encryption algorithm using a many-to-one binary function. The cryptographic device includes: arrays of first logic gates including I first logic gates which each receive 2 bits of an input signal; 2N second logic gates which each receive corresponding J bits from among I bits output from the arrays of the first logic gates; and L third logic gates which each receive K bits from among 2N bits output from the second logic gates, wherein there is a many-to-one correspondence between the N bits of the input signal and the K bits input to each of the third logic gates, and wherein the N, I, J, K, and L are positive integers. Because a signal output from each array includes only one active bit, current is always consumed constantly to prevent internal data from leaking out to a hacker.
Description
This is a continuation application of U.S. application Ser. No. 12/889,854, filed Sep. 24, 2010, which claims priority from Korean Patent Application No. 10-2009-0117881, filed on Dec. 1, 2009 in the Korean Intellectual Property Office, the entirety of which is hereby incorporated by reference.
1. Field
Apparatuses and methods consistent with exemplary embodiments relate to a cryptographic device.
2. Description of Related Art
In recent years, information transmitted by a user in communications using a smart card or an integrated circuit (IC) card, Internet communications, wireless local area network (LAN) communications, and Internet banking include secret information. Secret information may be leaked by hacking. Therefore, hardware encryption/decryption devices are increasingly being used to prevent the leakage of secret information. Prior to transmission of secret information receiving a signature or passing an authentication procedure, the hardware encryption/decryption device transforms the secret information into a cryptogram.
Because speed of an encryption operation is typically low, most encryption operations are carried out using hardware to be applied to devices such as a smart card. Data encryption standard (DES) is a type of block encryption algorithm and a symmetric key encryption scheme using 56 bits of a key. A substitution box (hereinafter referred to as “S-Box”) for use in DES carries out a substitution operation to convert an m-bit input into an n-bit output.
When DES is embodied with hardware, an S-Box is designed using a lookup table. However, a data value of the S-Box may be exposed to a hacker according to a hardware design technique. Accordingly, there is a need for the hardware design for an S-Box that is capable of preventing exposure of internal data even when the S-Box is attacked by a hacker.
Exemplary embodiments provide a cryptographic device.
According to an aspect of an exemplary embodiment, there is provided a cryptographic device including: arrays of first logic gates including I first logic gates each receiving 2 bits from among N bits of an input signal, where I and N are positive integers; 2N second logic gates each receiving corresponding J bits from among I bits output from the arrays of first logic gates, where J is a positive integer; and L third logic gates each receiving K bits from among 2N bits of signal output from the second logic gates, where L and K are positive integers, wherein the I bits, the 2N bits, and L bits respectively output from the arrays of the first logic gates, the second logic gates, and the third logic gates each have only one active bit, and there is a many-to-one correspondence between the N bits of the input signal and an output signal of the third logic gates.
According to an aspect of an exemplary embodiment, there is provided a cryptographic device including: an array of first logic gates receiving first 2 bits among 6 bits of an input signal and outputting first 4 bits; an array of second logic gates receiving second 2 bits among the 6 bits of the input signal and outputting second 4 bits; an array of third logic gates receiving third 2 bits among the 6 bits of the input signal and outputting third 4 bits; 64 forth logic gates each receiving corresponding 3 bits from among the 4 bits output from the arrays of the first, second, and third logic gates; and 16 fifth logic gates each receiving 4 bits from among the 64 bits output from the fourth logic gates, wherein the 4 bits, the 64 bits, and the 16 bits respectively output from the arrays of the first, second, and third logic gates, the fourth logic gates, and the fifth logic gates each have only one active bit, and there is a many-to-one correspondence between the 6 bits of the input signal and an output signal of the fifth logic gates.
According to an aspect of another exemplary embodiment, there is provided a cryptographic device including: a first decoder which decodes an input signal of N bits into 2N bits; and a second decoder which decodes the 2N bits output from the first decoder into L bits, wherein the 2N bits output from the first decoder and the L bits output from the second decoder each include only one active bit, and wherein N and L are positive integers.
According to an aspect of another exemplary embodiment, there is provided a cryptographic method including: receiving, at each of arrays of first logic gates comprising I first logic gates, 2 bits from among N bits of an input signal; receiving, at each of 2N second logic gates, corresponding J bits from among I bits output from the arrays of the first logic gates; and receiving, at each of L third logic gates, K bits from among 2N bits output from the second logic gates, wherein the I bits, the 2N bits, and L bits respectively output from the arrays of the first logic gates, the second logic gates, and the third logic gates each have only one active bit, wherein there is a many-to-one correspondence between the N bits of the input signal and an output signal of the third logic gates, and wherein the N, I, J, K, and L are positive integers, respectively.
Exemplary embodiments will become more apparent in view of the attached drawings and accompanying detailed description. The exemplary embodiments depicted therein are provided by way of example, not by way of limitation, wherein like reference numerals refer to the same or similar elements. The drawings are not necessarily to scale, emphasis instead being placed upon illustrating aspects of the exemplary embodiments, wherein:
Exemplary embodiments will now be described more fully hereinafter with reference to the accompanying drawings.
The second decoder 120 decodes the 64 bits from the first decoder 110 into 16 bits. Irrespective of a value of the 6 bits of the input signal IN, power consumed in the first and second decoders 110 and 120 is constantly maintained. As a result, the cryptographic device 100 may be protected from a hacker's attack, such as a differential power attack (DPA) and an attack through electromagnetic (EM) detection.
The encoder 130 encodes the 16 bits output from the second decoder 120 into a 4 bit output signal OUT and outputs the output signal OUT. The cryptographic device 100 shown in FIG. 1 may convert 6 bits of input signal IN into 4 bits of output signal OUT according to an S-Box many-to-one binary function.
The array 220 of the second logic gates receives the 12 bits from the arrays 211, 212, and 213 of the first logic gates and outputs 64 bits C0˜C63. The array 220 of the second logic gates includes a plurality of logic gates (not shown) each receiving 1 bit from each of the arrays 211, 212, and 213 of the first logic gates (i.e., each receiving a total of 3 bits).
The array 230 of the third logic gates receives the 64 bits C0˜C63 from the array 220 of the second logic gates and outputs 16 bits D0˜D15 corresponding to the 64 bits C0˜C63. The array 230 of the third logic gates includes a plurality of logic gates (not shown) each receiving 4 bits from among the 64 bits C0˜C64 from the array 220 of the second logic gates. There is a many-to-one correspondence according to an S-Box binary function between 6 bits of the input signal IN and a K-bit signal input to the respective logic gates in the array 230 of the third logic gates.
The encoder 240 outputs the 16 bits D0˜D15 output from the array 230 of the third logic gates, as a 4 bit signal OUT. The encoder 240 encodes the 16 bits D0˜D15 into 4 bits of signal OUT. The encoder 240 may be designed to constantly consume current although the 16 bits of signals D0˜D15 have any value. Thus, the cryptographic device 200 shown in FIG. 2 may substitute 6 bits of input signal IN with 4 bits of output signal OUT according to an S-Box binary function.
In the respective arrays 211, 212, 213, 220, and 230, one of respective logic gates constructed therein (i.e., a total five logic gates) outputs an active bit (or inactive bit) although an input signal IN has any value. Therefore, power is constantly consumed irrespective of the input signal IN.
In the array 211 of the first logic gates, only one AND gate among the four AND gates 303˜306 is toggled according to the input signals A0 and A1. That is, only one bit among four bits B0˜B3 output from the four AND gates 303˜306 is an active bit that is a high level. Since the array 211 of the first logic gates always outputs one active bit for all cases of the input signals A0 and A1, current consumed at the array 211 of the first logic gates is always constant. Similar to the array 212 of the first logic gates, each of the other arrays 212 and 213 of the first logic gates outputs only one active bit.
The array 220 of the second logic gates includes 64 AND gates 311. Each of the AND gates 311 includes three input terminals and an output terminal. Furthermore, each of the AND gates 311 receives 1 bit from each of the arrays 211, 212, and 213 of the first logic gates (i.e., each of the AND gates 311 receives a total of 3 bits). More specifically, each of the AND gates 311 in the array 220 of the second logic gates receives 1 bit from among the 4 bits B0˜B3, 1 bit from among the 4 bits B4˜B7, and 1 bit from among the 4 bits B9˜B11. The 64 bits C0˜C63 output from the array 220 of the second logic gates are decoding signals according to the number of cases (26) of A0, A1, A2, A3, A4, and A5. Only one of the 64 AND gates 311 in the array 220 of the second logic gates is toggled according to 12 bits B0˜B11 output from the arrays 211˜213 of the first logic gates. That is, among the 64 bits C0˜C63 output from the 64 AND gates 311 in the array 220 of the second logic gates, only one bit is an active bit.
The array 230 of the third logic gates includes 16 OR gates 321. Each of the OR gates 321 includes four input terminals and one output terminal. Each of the OR gates 321 receives 4 bits from among the 64 bits C0˜C63 output from the array 230 of the second logic gates. The 4 bits input to each of the OR gates 321 are determined according to an S-Box lookup table.
Returning to FIG. 3 , the array 230 of the third logic gates always outputs the same 4 bits to four types of values of 6 bits of input signals A0˜A5 according to the lookup table shown in FIG. 4 . Thus, each of the OR gates 321 in the array 230 of the third logic gates receives 4 bits from among the 64 bits C0˜C63 output from the AND gates 311 in the array 220 of the second logic gates. For example, when 6 bits of input signal A0˜A5 are “011110,” “000101,” “110110,” and “101111,” an output signal is “0111.” Therefore, an OR gate corresponding to “0111” in the array 230 of the third logic gates is connected to receive output signals of an AND gate corresponding to “011110,” “000101,” “110110,” and “101111” in the array 220 of the second logic gates. Likewise, input terminals of the OR gates 321 in the array 230 of the third logic gates are connected to output signals of the AND gates 311 in the array 220 of the second logic gates according to the lookup table shown in FIG. 4 . The 16 bits D0˜D15 output from the array 230 of the third logic gates are provided to the encoder 240 shown in FIG. 2 .
As illustrated in FIG. 3 , AND gates in the arrays 211, 212, and 213 of the first logic gates and the array 220 of the second logic gates are toggled one by one. Further, any one of the OR gates in the array 230 of the third logic gates is toggled. Accordingly, a total of five logic gates are toggled at the arrays 211, 212, 213, 220, and 230 of the first to third logic gates although the input signals A0-A5 have any value. For this reason, the amount of current consumed at the arrays 211, 212, 213, 220, and 230 of the first to third logic gates is always constant irrespective of values of the input signals A0˜A6. Accordingly, with a simple circuit configuration, an S-Box for DES algorithm is implemented using hardware, and a cryptographic device with security against a hacker's attack may be implemented.
The cryptographic device 200 shown in FIG. 3 is a cryptographic device implementing one S-Box. Eight cryptographic devices 200 are used to implement eight S-Boxes. In that case, the AND gates 311 in the array 220 of the second logic gates are connected to the OR gates 321 in the array 230 of the third logic gates according to a many-to-one correspondence between input and output signals of the S-Box.
As set forth in the above-described exemplary embodiments, an input signal IN is 6 bits and an output signal OUT is 4 bits. However, bit widths of the input signal IN and the output signal OUT may be variously changed. With the change in bit widths of the input signal IN and the output signal OUT, the number of the arrays 211, 212, and 213 of the first logic gates, the number of the AND gates 311 in the array 220 of the second logic gates, and the number of the OR gates 230 in the third logic gates are changed. However, a many-to-one correspondence between the input signal IN and the output signal OUT is established.
Although input signals A0˜A5 have any value like in FIG. 3 , only five logic gates are toggled at arrays 611, 612, 613, 620, and 630 of first to third logic gates shown in FIG. 6 . Signals output from the arrays 611, 612, 613, 620, and 630 of the first to third logic gates include five inactive bits with the other bits being active bits. Likewise even when the arrays 211, 212, 213, 220, and 230 of the first to third logic gates illustrated in FIG. 3 are substituted with the arrays 611, 612, 613, 620, and 630 of the first to third logic gates, the amount of current consumed at the arrays 611, 612, 613, 620, and 630 of the first to third logic gates is always constant irrespective of values of the input signals A0˜A6.
To sum up, when an S-Box operation is carried out, constant current is always consumed to prevent internal data from leaking to hackers.
While exemplary embodiments have been described with reference to the accompanying drawings, it will be apparent to those skilled in the art that various changes and modifications may be made without departing from the spirit and scope of the present inventive concept. Therefore, it should be understood that the above exemplary embodiments are not limiting, but illustrative. Thus, the scope of the inventive concept is to be determined by the broadest permissible interpretation of the following claims and their equivalents, and shall not be restricted or limited by the foregoing description.
Claims (20)
1. An integrated circuit (IC) having a cryptographic function, the IC comprising:
a plurality of first circuit logic gates configured to receive an input signal having a plurality of bits;
a plurality of second circuit logic gates, each of the plurality of second circuit logic gates being configured to receive outputs of corresponding first circuit logic gates;
a plurality of third circuit logic gates, each of the plurality of third circuit logic gates being configured to receive outputs of corresponding second circuit logic gates; and
an encoder configured to receive outputs of the plurality of third circuit logic gates and to output an encoded signal having a plurality of bits,
wherein each of a plurality of values of the encoded signal corresponds to at least two values of a plurality of values of the input signal, each value of the encoded signal being represented by the plurality of bits of the encoded signal, each value of the input signal being represented by the plurality of bits of the input signal,
wherein, for any value of the plurality of bits of the input signal, a predetermined number of the first circuit logic gates from among the plurality of first circuit logic gates output logic “1” and the remaining first circuit logic gates output logic “0”,
wherein, for any value of the plurality of bits of the input signal, a predetermined number of the second circuit logic gates from among the plurality of second circuit logic gates output logic “1” and the remaining second circuit logic gates output logic “0”, and
wherein, for any value of the plurality of bits of the input signal, a predetermined number of the third circuit logic gates from among the plurality of third circuit logic gates output logic “1” and the remaining third circuit logic gates output logic “0”.
2. The IC of claim 1 , wherein the plurality of first circuit logic gates is arranged into one or more groups, each of the one or more groups including four or more first circuit logic gates from among the plurality of first circuit logic gates, each of the one or more groups being configured to receive two or more bits from among the plurality of bits of the input signal.
3. The IC of claim 2 , wherein each of the plurality of second circuit logic gates receives one among outputs of each group of first circuit logic gates.
4. The IC of claim 2 , wherein the predetermined number of the second circuit logic gates from among the plurality of second circuit logic gates is one, and
wherein the predetermined number of the third circuit logic gates from among the plurality of third circuit logic gates is one.
5. The IC of claim 4 , wherein the predetermined number of the first circuit logic gates from among the plurality of first circuit logic gates equals to the number of the one or more groups, and
wherein one of the first circuit logic gates of each group outputs logic “1” and the remaining first circuit logic gates of each group output logic “0”.
6. The IC of claim 1 , wherein the total number of the plurality of bits of the input signal is greater than the total number of the plurality of bits of the encoded signal.
7. The IC of claim 1 , wherein the plurality of first circuit logic gates includes a plurality of AND gates,
wherein the plurality of second circuit logic gates includes AND gates, and
wherein the plurality of third circuit logic gates includes a plurality of OR gates.
8. The IC of claim 1 , wherein the plurality of first circuit logic gates includes a plurality of OR gates,
wherein the plurality of second circuit logic gates includes OR gates, and
wherein the plurality of third circuit logic gates includes a plurality of AND gates.
9. The IC of claim 1 , further comprising a plurality of inverters configured to invert the plurality of bits of the input signal.
10. The IC of claim 1 , wherein total power consumed by the plurality of first circuit logic gates, the plurality of second circuit logic gates and the plurality of third circuit logic gates is constantly maintained, for any value of the plurality of bits of the input signal.
11. The IC of claim 1 , wherein the IC device is configured to receive a reset signal.
12. The IC of claim 11 , wherein each of the plurality of first circuit logic gates is configured to receive the reset signal.
13. The IC of claim 11 , wherein the reset signal is a clock signal.
14. The IC of claim 1 , wherein the total number of bits of the outputs of the plurality of second circuit logic gates is greater than the number of the plurality of bits of the input signal.
15. The IC of claim 1 , wherein the total number of bits of the outputs of the plurality of second circuit logic gates is greater than the total number of bits of the outputs of the plurality of third circuit logic gates.
16. The IC of claim 1 , wherein the IC device is a smart card.
17. The IC of claim 1 , wherein the IC device is an integrated circuit card.
18. An integrated circuit (IC) having a cryptographic function, the IC comprising:
a decoder comprising a plurality of circuit logic gates configured to receive an input signal consisting of k bits; and
an encoder configured to receive an output signal from the plurality of circuit logic gates of the decoder and to encode the received output signal to generate an output signal having m bits,
wherein the decoder is configured to generate n number of logic ‘1’ in response to any input signal,
wherein each of k, m and n is a positive integer,
wherein k is greater than m, and
wherein the plurality of circuit logic gates comprises:
a plurality of first circuit logic gates configured to receive the input signal consisting of k bits, and
a plurality of second circuit logic gates, each of the plurality of second circuit logic gates being configured to receive outputs of corresponding first circuit logic gates.
19. The IC of claim 18 , wherein the decoder comprises a plurality of AND gates and a plurality of OR gates.
20. An integrated circuit (IC) having a cryptographic function, the IC comprising:
a plurality of first circuit logic gates configured to receive an input signal having a plurality of bits;
a plurality of second circuit logic gates, each of the plurality of second circuit logic gates being configured to receive outputs of corresponding first circuit logic gates;
a plurality of third circuit logic gates, each of the plurality of third circuit logic gates being configured to receive outputs of corresponding second circuit logic gates; and
an encoder configured to receive outputs of the plurality of third circuit logic gates and to output an encoded signal having a plurality of bits,
wherein each of a plurality of values of the encoded signal corresponds to at least two values of a plurality of values of the input signal, each value of the encoded signal being represented by the plurality of bits of the encoded signal, each value of the input signal being represented by the plurality of bits of the input signal,
wherein, for any value of the plurality of bits of the input signal, a predetermined number of the first circuit logic gates from among the plurality of first circuit logic gates output logic “1” and the remaining first circuit logic gates output logic “0”,
wherein, for any value of the plurality of bits of the input signal, a predetermined number of the second circuit logic gates from among the plurality of second circuit logic gates output logic “1” and the remaining second circuit logic gates output logic “0”, and
wherein, for any value of the plurality of bits of the input signal, a predetermined number of the third circuit logic gates from among the plurality of third circuit logic gates output logic “1” and the remaining third circuit logic gates output logic “0”.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US14/291,665 US9344273B2 (en) | 2009-12-01 | 2014-05-30 | Cryptographic device for implementing S-box |
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020090117881A KR101646705B1 (en) | 2009-12-01 | 2009-12-01 | Cryptographic device for implementing s-box |
KR10-2009-0117881 | 2009-12-01 | ||
US12/889,854 US8750497B2 (en) | 2009-12-01 | 2010-09-24 | Cryptographic device for implementing S-box |
US14/291,665 US9344273B2 (en) | 2009-12-01 | 2014-05-30 | Cryptographic device for implementing S-box |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US12/889,854 Continuation US8750497B2 (en) | 2009-12-01 | 2010-09-24 | Cryptographic device for implementing S-box |
Publications (2)
Publication Number | Publication Date |
---|---|
US20160112194A1 US20160112194A1 (en) | 2016-04-21 |
US9344273B2 true US9344273B2 (en) | 2016-05-17 |
Family
ID=44068921
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US12/889,854 Active 2032-11-10 US8750497B2 (en) | 2009-12-01 | 2010-09-24 | Cryptographic device for implementing S-box |
US14/291,665 Active US9344273B2 (en) | 2009-12-01 | 2014-05-30 | Cryptographic device for implementing S-box |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US12/889,854 Active 2032-11-10 US8750497B2 (en) | 2009-12-01 | 2010-09-24 | Cryptographic device for implementing S-box |
Country Status (2)
Country | Link |
---|---|
US (2) | US8750497B2 (en) |
KR (1) | KR101646705B1 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10891396B2 (en) | 2016-05-27 | 2021-01-12 | Samsung Electronics Co., Ltd. | Electronic circuit performing encryption/decryption operation to prevent side- channel analysis attack, and electronic device including the same |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR102100408B1 (en) | 2014-03-04 | 2020-04-13 | 삼성전자주식회사 | Encoder resistant to power analysis attack and encoding method thereof |
EP3384422B1 (en) * | 2015-12-02 | 2021-02-24 | Cryptography Research, Inc. | Freeze logic |
KR20210108787A (en) * | 2020-02-26 | 2021-09-03 | 삼성전자주식회사 | A security circuit including dual encoder and endecryptor including thereof |
Citations (27)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4161036A (en) * | 1977-11-08 | 1979-07-10 | United States Of America, Director National Security Agency | Method and apparatus for random and sequential accessing in dynamic memories |
US5796837A (en) | 1995-12-26 | 1998-08-18 | Electronics And Telecommunications Research Institute | Apparatus and method for generating a secure substitution-box immune to cryptanalyses |
US6334190B1 (en) * | 1997-07-15 | 2001-12-25 | Silverbrook Research Pty Ltd. | System for the manipulation of secure data |
US6385070B1 (en) * | 2001-03-13 | 2002-05-07 | Tality, L.P. | Content Addressable Memory array, cell, and method using 5-transistor compare circuit and avoiding crowbar current |
US20020138740A1 (en) * | 2001-03-22 | 2002-09-26 | Bridgepoint Systems, Inc. | Locked portal unlocking control apparatus and method |
US20030115611A1 (en) * | 1997-11-26 | 2003-06-19 | Hilts Paul John | Method and apparatus for bit vector array |
US20040228482A1 (en) | 2003-04-04 | 2004-11-18 | Stmicroelectronics S.R.L. | Method of implementing one-to-one binary function and relative hardware device, especially for a Rijndael S-box |
US20050276095A1 (en) * | 2003-07-14 | 2005-12-15 | Fulcrum Microsystems Inc. | Asynchronous static random access memory |
US20060177052A1 (en) | 2002-05-23 | 2006-08-10 | Hubert Gerardus T | S-box encryption in block cipher implementations |
JP2006229485A (en) | 2005-02-16 | 2006-08-31 | Sony Corp | Circuit and method for signal processing |
US20080143561A1 (en) | 2006-12-15 | 2008-06-19 | Yoshikazu Miyato | Operation processing apparatus, operation processing control method, and computer program |
US7401223B2 (en) * | 1998-07-10 | 2008-07-15 | Silverbrook Research Pty Ltd | Authentication chip for authenticating an untrusted chip |
US20080276106A1 (en) * | 2005-03-16 | 2008-11-06 | Tosoh Corportion | Data Conversion Apparatus and Data Conversion Method |
US20090055458A1 (en) | 2004-09-24 | 2009-02-26 | O'neil Sean | Substitution Boxes |
US7545933B2 (en) | 2004-02-25 | 2009-06-09 | Infineon Technologies Ag | Decryption circuit, encryption circuit, logic cell, and method of performing a dual-rail logic operation in single-rail logic environment |
KR20090079664A (en) | 2008-01-18 | 2009-07-22 | 고려대학교 산학협력단 | Masking method of ARIA , and ARIA encryption apparatus and method using thereof |
US20090245510A1 (en) * | 2008-03-25 | 2009-10-01 | Mathieu Ciet | Block cipher with security intrinsic aspects |
US7631190B2 (en) * | 2004-05-27 | 2009-12-08 | Silverbrook Research Pty Ltd | Use of variant and base keys with two entities |
US20100002872A1 (en) | 2006-09-01 | 2010-01-07 | Kyoji Shibutani | Data transformation apparatus, data transformation method, and computer program |
US20100115286A1 (en) | 2008-10-30 | 2010-05-06 | Qualcomm Incorporated | Low latency block cipher |
US20100208885A1 (en) * | 2007-10-04 | 2010-08-19 | Julian Philip Murphy | Cryptographic processing and processors |
US20100232602A1 (en) * | 2009-03-13 | 2010-09-16 | Hiromi Nobukata | Encryption processing apparatus |
US7856099B2 (en) | 2003-05-22 | 2010-12-21 | Gemalto Sa | Secure data transmission between two modules |
US20100322411A1 (en) * | 2007-09-07 | 2010-12-23 | Greenpeak Technologies B.V. | Encrypton Processor |
US20100329450A1 (en) | 2009-06-30 | 2010-12-30 | Sun Microsystems, Inc. | Instructions for performing data encryption standard (des) computations using general-purpose registers |
US8095993B2 (en) * | 2004-06-08 | 2012-01-10 | Hrl Laboratories, Llc | Cryptographic architecture with instruction masking and other techniques for thwarting differential power analysis |
US8832464B2 (en) * | 2009-03-31 | 2014-09-09 | Oracle America, Inc. | Processor and method for implementing instruction support for hash algorithms |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR101247482B1 (en) * | 2009-08-27 | 2013-03-29 | 한양대학교 산학협력단 | Apparatus for adiabatic logic against power analysis attack |
-
2009
- 2009-12-01 KR KR1020090117881A patent/KR101646705B1/en active IP Right Grant
-
2010
- 2010-09-24 US US12/889,854 patent/US8750497B2/en active Active
-
2014
- 2014-05-30 US US14/291,665 patent/US9344273B2/en active Active
Patent Citations (28)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4161036A (en) * | 1977-11-08 | 1979-07-10 | United States Of America, Director National Security Agency | Method and apparatus for random and sequential accessing in dynamic memories |
US5796837A (en) | 1995-12-26 | 1998-08-18 | Electronics And Telecommunications Research Institute | Apparatus and method for generating a secure substitution-box immune to cryptanalyses |
US6334190B1 (en) * | 1997-07-15 | 2001-12-25 | Silverbrook Research Pty Ltd. | System for the manipulation of secure data |
US20030115611A1 (en) * | 1997-11-26 | 2003-06-19 | Hilts Paul John | Method and apparatus for bit vector array |
US7401223B2 (en) * | 1998-07-10 | 2008-07-15 | Silverbrook Research Pty Ltd | Authentication chip for authenticating an untrusted chip |
US6385070B1 (en) * | 2001-03-13 | 2002-05-07 | Tality, L.P. | Content Addressable Memory array, cell, and method using 5-transistor compare circuit and avoiding crowbar current |
US20020138740A1 (en) * | 2001-03-22 | 2002-09-26 | Bridgepoint Systems, Inc. | Locked portal unlocking control apparatus and method |
US20060177052A1 (en) | 2002-05-23 | 2006-08-10 | Hubert Gerardus T | S-box encryption in block cipher implementations |
US20040228482A1 (en) | 2003-04-04 | 2004-11-18 | Stmicroelectronics S.R.L. | Method of implementing one-to-one binary function and relative hardware device, especially for a Rijndael S-box |
US7502464B2 (en) | 2003-04-04 | 2009-03-10 | Stmicroelectronics S.R.L. | Method of implementing one-to-one binary function and relative hardware device, especially for a Rijndael S-box |
US7856099B2 (en) | 2003-05-22 | 2010-12-21 | Gemalto Sa | Secure data transmission between two modules |
US20050276095A1 (en) * | 2003-07-14 | 2005-12-15 | Fulcrum Microsystems Inc. | Asynchronous static random access memory |
US7545933B2 (en) | 2004-02-25 | 2009-06-09 | Infineon Technologies Ag | Decryption circuit, encryption circuit, logic cell, and method of performing a dual-rail logic operation in single-rail logic environment |
US7631190B2 (en) * | 2004-05-27 | 2009-12-08 | Silverbrook Research Pty Ltd | Use of variant and base keys with two entities |
US8095993B2 (en) * | 2004-06-08 | 2012-01-10 | Hrl Laboratories, Llc | Cryptographic architecture with instruction masking and other techniques for thwarting differential power analysis |
US20090055458A1 (en) | 2004-09-24 | 2009-02-26 | O'neil Sean | Substitution Boxes |
JP2006229485A (en) | 2005-02-16 | 2006-08-31 | Sony Corp | Circuit and method for signal processing |
US20080276106A1 (en) * | 2005-03-16 | 2008-11-06 | Tosoh Corportion | Data Conversion Apparatus and Data Conversion Method |
US20100002872A1 (en) | 2006-09-01 | 2010-01-07 | Kyoji Shibutani | Data transformation apparatus, data transformation method, and computer program |
US20080143561A1 (en) | 2006-12-15 | 2008-06-19 | Yoshikazu Miyato | Operation processing apparatus, operation processing control method, and computer program |
US20100322411A1 (en) * | 2007-09-07 | 2010-12-23 | Greenpeak Technologies B.V. | Encrypton Processor |
US20100208885A1 (en) * | 2007-10-04 | 2010-08-19 | Julian Philip Murphy | Cryptographic processing and processors |
KR20090079664A (en) | 2008-01-18 | 2009-07-22 | 고려대학교 산학협력단 | Masking method of ARIA , and ARIA encryption apparatus and method using thereof |
US20090245510A1 (en) * | 2008-03-25 | 2009-10-01 | Mathieu Ciet | Block cipher with security intrinsic aspects |
US20100115286A1 (en) | 2008-10-30 | 2010-05-06 | Qualcomm Incorporated | Low latency block cipher |
US20100232602A1 (en) * | 2009-03-13 | 2010-09-16 | Hiromi Nobukata | Encryption processing apparatus |
US8832464B2 (en) * | 2009-03-31 | 2014-09-09 | Oracle America, Inc. | Processor and method for implementing instruction support for hash algorithms |
US20100329450A1 (en) | 2009-06-30 | 2010-12-30 | Sun Microsystems, Inc. | Instructions for performing data encryption standard (des) computations using general-purpose registers |
Non-Patent Citations (1)
Title |
---|
Giaconia, Matteo et al., "Area and Power Efficient Synthesis of DPA-Resistant Cryptographic S-Boxes", 20th International Conference on VLSI Design, IEEE 2007, 7 pages. |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10891396B2 (en) | 2016-05-27 | 2021-01-12 | Samsung Electronics Co., Ltd. | Electronic circuit performing encryption/decryption operation to prevent side- channel analysis attack, and electronic device including the same |
Also Published As
Publication number | Publication date |
---|---|
US20160112194A1 (en) | 2016-04-21 |
KR101646705B1 (en) | 2016-08-09 |
US8750497B2 (en) | 2014-06-10 |
US20110129085A1 (en) | 2011-06-02 |
KR20110061280A (en) | 2011-06-09 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10769309B2 (en) | Apparatus and method for generating identification key | |
US11856116B2 (en) | Method and apparatus for protecting embedded software | |
JP6354172B2 (en) | Semiconductor integrated circuit and authentication system | |
Sivaraman et al. | Ring oscillator as confusion–diffusion agent: a complete TRNG drove image security | |
US8370642B2 (en) | Cryptographic processing apparatus | |
US7248696B2 (en) | Dynamic system bus encryption using improved differential transitional encoding | |
CN107483180B (en) | High-stability physical unclonable function circuit | |
US9325494B2 (en) | Method for generating a bit vector | |
US9344273B2 (en) | Cryptographic device for implementing S-box | |
WO2014091559A1 (en) | Integrated security device and signal processing method used by integrated security device | |
US10797891B2 (en) | Physically unclonable function resistant to side-channel attack and method therefor | |
US7876893B2 (en) | Logic circuit and method for calculating an encrypted result operand | |
CN117010032B (en) | SRAM physical unclonable function circuit capable of automatically reading and clearing and equipment | |
KR101373576B1 (en) | Des encryption system | |
KR101673163B1 (en) | Physically unclonable function circuit using the dual rail delay logic | |
Chhabra et al. | Towards the enhancement of AES IP security using hardware obfuscation technique: A practical approach for secure data transmission in IoT | |
CN116432202A (en) | High-concealment hardware Trojan circuit and control method thereof | |
Swayamprakash et al. | Design of Advanced Encryption Standard using Verilog HDL | |
Shumsky et al. | Security-oriented encoding of robust codes for non-uniformly distributed words | |
YAMAMOTO | Security Evaluation and Improvement of Physically Unclonable Functions | |
山本大 et al. | Security Evaluation and Improvement of Physically Unclonable Functions | |
JP2006279868A (en) | Semiconductor device, and ic card comprising the same |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
STCF | Information on status: patent grant |
Free format text: PATENTED CASE |
|
MAFP | Maintenance fee payment |
Free format text: PAYMENT OF MAINTENANCE FEE, 4TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1551); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY Year of fee payment: 4 |
|
MAFP | Maintenance fee payment |
Free format text: PAYMENT OF MAINTENANCE FEE, 8TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1552); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY Year of fee payment: 8 |